Air Force Claims Drone Malware Was 'Nuisance' Rather Than Serious Threat

The U.S. Air Force issued a statement clarifying that the malware affecting the drone fleet was on a stand-alone system and was just after login credentials.

The
malware that infected the system that controls the United States' fleet of
unmanned aircraft was never a real threat, just a "nuisance,"
according to the Air Force.
Reports
emerged last week of a mysterious keylogger that was found on the systems used
by Air Force pilots to communicate with the Predator and Reaper drones. The
program was persistent and kept returning despite repeated attempts to remove
it. While the Air Force does not routinely discuss operational status, the Air
Force Space Command issued a statement Oct. 12 to "correct recent
reporting."

It
was previously reported that the virus may have removed data from classified
and unclassified networks. Wired.com claimed senior Air Force officials were
unaware of the breach until the news reports broke online. The statement
contradicted the claim, saying the military had been aware of the infection all
along.

"We
felt it important to declassify portions of the information associated with
this event to ensure the public understands that the detected and quarantined
virus posed no threat to our operational mission and that control of our
remotely piloted aircraft was never in question," said Col. Kathleen Cook,
spokesperson for Air Force Space Command.
The
Air Force first detected malware on portable hard drives that were approved for
use at Creech Air Force Base in Nevada for transferring information between
systems on Sept. 15. The 24th Air Force, stationed at Creech, detected and
isolated the software program "using standard tools and processes for
monitoring and protecting" the systems, according to the statement.
The
Air Force "began a forensic process" to track the origin of the
malware and clean infected systems. However, the statements didn't mention
claims in earlier news reports that Creech's IT staff reportedly removed the
malware from its systems, only to have it return. Nor did the statement say
whether the clean-up process had completed.
The
broader concern is how did the infection happen in the first place and how do
we prevent it from happening again, according to Cliff Unger, director of
public sector initiatives for Belkin. It is not clear from the information
available what measures are being taken or not taken, Unger told eWEEK.
"If
the virus came in through a removable drive, it had to come from somewhere else-viruses
don't just magically appear," Jon-Louis Heimerl, director of strategic
security at Solutionary, told eWEEK.
Detected
running on a Windows-based, stand-alone mission-support network, the infected
machine was part of the ground control system that supports Remotely Piloted
Aircraft (RPA) operations, according to the Air Force. The system is completely
separate from the actual flight control system that the Air Force pilots use to
fly the drones.
"The
ability of the RPA pilots to safely fly these aircraft remained secure
throughout the incident," the Air Force said.
The
fact that it got on a siloed, isolated and secure system is "of paramount
concern," Unger said. The Air Force is trying to assure the public there's
no risk of data loss, or of a threat, but the fact remains that regardless of
what the system does, there needs to be proper hygiene, he said.
The
Air Force also clarified that the malware was not a keylogger, but a
"credential stealer" routinely found on computer networks. It is not
designed to transmit data or video, nor can it corrupt data, files or programs.
An anonymous official told the Associated Press the malware was "routinely
used to steal log-in and password data" from online games such as Mafia
Wars and gambling sites.
It
doesn't matter what the malware does; what does matter is that it got on a
secured system in the first place, according to Unger.
"Our
tools and processes detect this type of malware as soon as it appears on the
system, preventing further reach," according to the Air Force, adding that
it will "continue to strengthen our cyber defenses" with updates to
its antivirus software and other methods.
From
an IT standpoint, organizations generally don't want any rogue software on the
system, Unger said, noting that even the most "innocuous" program can
take up system resources. It is important to maintain clean cyber-hygiene and
keep systems and networks clean, according to Unger.
"We
are fortunate it didn't have much of an impact," Unger said.